Skip to main content

Incomplete Cleanup

CVE-2023-41835

Severity High
Score 7.5/10

Summary

When a Multipart request is performed but some of the fields exceed the "maxStringLength" limit, the upload files will remain in "struts.multipart.saveDir" even if the request has been denied. Users are recommended to upgrade to versions, that fixes this issue. This issue affects the package org.apache.struts:struts2-core versions through 2.5.31, 6.0.0 through 6.1.2.1, and 6.2.0 through 6.3.0.0.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Advisory Timeline

  • Published